Federal gov beefing up privacy laws for data breach penalties
Share
The federal government is pushing to beef up privacy laws in the wake of large-scale cyber attacks and data breaches compromising the personal details of millions of Australians.
Proposed legislation on increasing penalties for companies that don’t protect private information will force overseas companies to comply with Australian laws in more circumstances.
Penalties for serious or repeated interferences with privacy will also be increased to a maximum of $50 million, three times any gain the company receives from the breach or 30 per cent of its turnover in a certain time frame.
New information-gathering powers will also be granted to the independent Australian Information Commissioner in relation to actual or suspected data breaches.
Privacy Commissioner Angelene Falk said the simplification of the law will protect against overseas companies avoiding domestic laws through complex technicalities.
“In a digital world where data knows no borders, our privacy law must protect Australians’ personal information wherever it flows,” she told a Senate inquiry.
Commissioner Falk said increased fines needed to provide a large enough incentive to ensure corporate Australia invests in the security of Australians’ personal information.
“Ideally, the penalties wouldn’t need to be utilised because we’d see an uplift in security posture and a reduction in data breaches,” she said.
David Vaile, from the Australian Privacy Foundation, wants the legislation to go further, telling the inquiry large companies can put fines down to the cost of doing business.
Mr Vaile wants the “serious or repeated” test removed, saying the likelihood of low or no fines for initial underinvestment in cyber security is the equivalent of being “lashed with a limp lettuce leaf”.
“Everyone looks around at this and says ‘There are no penalties, so why not try it’,” he said.
“The rule of thumb in some of the bigger operators is … better to ask for forgiveness than permission, which is effectively ‘Let’s see if we can get away with it’.”
Privacy groups say the laws need to increase the cost of “data gluttony”, where companies try to gather and store as much information as possible.
“You can’t lose what you don’t have,” Electronic Frontiers Australia’s Justin Warren told the hearing.
The Australian Federal Police noted an increase in cyber security attacks.
The agency is supportive of the new measures, saying it is important sensitive information is not made public.
The committee is due to report its findings on Tuesday, paving the way for the Senate to debate the bill.
With AAP
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber cyber attack cyber security cybersecurity data data breach data management defence Digital Education employment enhance enhances Featured Leader fraud funding government grants Healthcare infrastructure Innovation Lockdown new zealand NSW NZ online Procurement public Public Sector queensland renewable energy scams Social Media Technology telecommunications victoria
Last Viewed
Watchdog discovers data access issues with law enforcement bodies
ABC and SBS receive $4.2B after funding indexation freeze
Proactive approach to ESG compliance
How Public Sector Leaders can build their Thought Leadership
Mastercard becomes first private organisation to be accredited under TDIF